Isolated shutdown?

Isolated shutdown?

[Scott Helvick]

Hello all,

I've set up a system container with a mostly-complete filesystem, built from
scratch.  However, I'm having several minor issues, which leads me to
believe I'm misunderstanding something about how lxc works.  For one thing,
I find myself unable to kill processes within the container itself (process
handling is a whole other issue)... yet when I run 'shutdown', it not only
shuts down the container, but also the host!  Somehow I don't think this was
a design decision. :-)

Any tips would be appreciated.

Re: Isolated shutdown?

[Daniel Lezcano]

Scott Helvick wrote:
> Hello all,
>
> I've set up a system container with a mostly-complete filesystem, built from
> scratch.  However, I'm having several minor issues, which leads me to
> believe I'm misunderstanding something about how lxc works.  For one thing,
> I find myself unable to kill processes within the container itself (process
> handling is a whole other issue)... yet when I run 'shutdown', it not only
> shuts down the container, but also the host!  Somehow I don't think this was
> a design decision. :-)
>
> Any tips would be appreciated.
>   
It is not yet supported.
You can drop PR_CAPBSET_DROP capability for your system container, that 
will avoid to poweroff your host.

I proposed to send a signal to the parent of the process 1, telling if 
the container was doing poweroff or reboot but I didn't have any response :(

Re: Isolated shutdown?

[Scott Helvick]

On Tue, Aug 25, 2009 at 4:58 AM, Daniel Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org>wrote:

> Scott Helvick wrote:
>
>> Hello all,
>>
>> I've set up a system container with a mostly-complete filesystem, built
>> from
>> scratch.  However, I'm having several minor issues, which leads me to
>> believe I'm misunderstanding something about how lxc works.  For one
>> thing,
>> I find myself unable to kill processes within the container itself
>> (process
>> handling is a whole other issue)... yet when I run 'shutdown', it not only
>> shuts down the container, but also the host!  Somehow I don't think this
>> was
>> a design decision. :-)
>>
>> Any tips would be appreciated.
>>
>>
> It is not yet supported.
> You can drop PR_CAPBSET_DROP capability for your system container, that
> will avoid to poweroff your host.


Stupid question; how exactly do I do this, and does it have any side
effects?   Running 'getpcaps' on the container only reveals:

# getpcaps 2022
Capabilities for `2022': =
cap_dac_override,cap_fowner,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_chroot,cap_sys_admin+ep

Re: Isolated shutdown?

[Daniel Lezcano]

Scott Helvick wrote:
> On Tue, Aug 25, 2009 at 4:58 AM, Daniel Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org>wrote:
>
>   
>> Scott Helvick wrote:
>>
>>     
>>> Hello all,
>>>
>>> I've set up a system container with a mostly-complete filesystem, built
>>> from
>>> scratch.  However, I'm having several minor issues, which leads me to
>>> believe I'm misunderstanding something about how lxc works.  For one
>>> thing,
>>> I find myself unable to kill processes within the container itself
>>> (process
>>> handling is a whole other issue)... yet when I run 'shutdown', it not only
>>> shuts down the container, but also the host!  Somehow I don't think this
>>> was
>>> a design decision. :-)
>>>
>>> Any tips would be appreciated.
>>>
>>>
>>>       
>> It is not yet supported.
>> You can drop PR_CAPBSET_DROP capability for your system container, that
>> will avoid to poweroff your host.
>>     
>
>
> Stupid question; how exactly do I do this, and does it have any side
> effects?   Running 'getpcaps' on the container only reveals:
>
> # getpcaps 2022
> Capabilities for `2022': =
> cap_dac_override,cap_fowner,cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_chroot,cap_sys_admin+ep
>   
Which tools in userspace are you using ?